Merge remote-tracking branch 'origin/develop'

László Vaskó · László Vaskó · commit f6fe7db09056 · 2019-09-11T09:25:39.000+02:00
diff --git a/README.md b/README.md
@@ -1,2 +1,31 @@
 # openconnect-sso
-Wrapper script for openconnect supporting Azure AD (SAMLv2) authentication
+Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication
+
+## TL; DR
+```bash
+$ pip install openconnect-sso-$VERSION.whl
+$ openconnect-sso --server vpn.server.com/group
+```
+
+## Configuration
+If you want to save credentials and get them automatically
+injected in the web browser:
+```bash
+$ openconnect-sso --server vpn.server.com/group --user user@domain.com
+Password (user@domain.com): 
+[info     ] Authenticating to VPN endpoint ...
+```
+
+User credentials are automatically saved to the users login keyring (if available).
+
+If you already have Cisco Anyconnect set-up, then `--server` argument is optional.
+Also, the last used `--server` address is saved between sessions so there is no need
+to always type in the same arguments:
+
+```bash
+$ openconnect-sso
+[info     ] Authenticating to VPN endpoint ...
+```
+
+Configuration is saved in `$XDG_CONFIG_HOME/openconnect-sso/config.toml`. On typical
+Linux installations it is located under `$HOME/.configopenconnect-sso/config.toml`
diff --git a/openconnect_sso/__init__.py b/openconnect_sso/__init__.py
@@ -1,4 +1,4 @@
-__version__ = "0.1.0"
+__version__ = "0.2.0"
 __description__ = (
-    "Wrapper script for openconnect supporting Azure AD (SAMLv2) authentication"
+    "Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication"
 )
diff --git a/openconnect_sso/app.py b/openconnect_sso/app.py
@@ -63,7 +63,7 @@ async def _run(args):
 
     if cfg.default_profile and not args.use_profile_selector:
         selected_profile = cfg.default_profile
-    else:
+    elif args.use_profile_selector:
         profiles = get_profiles(Path(args.profile_path))
         if not profiles:
             logger.error("No profile found")
@@ -73,7 +73,14 @@ async def _run(args):
         if not selected_profile:
             logger.error("No profile selected")
             return 18
-        cfg.default_profile = selected_profile
+    elif args.server:
+        selected_profile = config.HostProfile(args.server, args.usergroup)
+    else:
+        raise ValueError(
+            "Cannot determine server address. Invalid arguments specified."
+        )
+
+    cfg.default_profile = selected_profile
 
     config.save(cfg)
 
diff --git a/openconnect_sso/cli.py b/openconnect_sso/cli.py
@@ -1,24 +1,26 @@
 import argparse
 import enum
 import logging
+import os
 
 import openconnect_sso
-from openconnect_sso import app
+from openconnect_sso import app, config
 
 
 def create_argparser():
     parser = argparse.ArgumentParser(
         prog="openconnect-sso", description=openconnect_sso.__description__
     )
-    parser.add_argument(
+
+    server_settings = parser.add_argument_group("Server connection")
+    server_settings.add_argument(
         "-p",
         "--profile",
         dest="profile_path",
         help="Use a profile from this file or directory",
-        default="/opt/cisco/anyconnect/profile",
     )
 
-    parser.add_argument(
+    server_settings.add_argument(
         "-P",
         "--profile-selector",
         dest="use_profile_selector",
@@ -27,6 +29,20 @@ def create_argparser():
         default=False,
     )
 
+    server_settings.add_argument(
+        "-s",
+        "--server",
+        help="VPN server to connect to. The following forms are accepted: "
+        "vpn.server.com, vpn.server.com/usergroup, "
+        "https://vpn.server.com, https.vpn.server.com.usergroup",
+    )
+    server_settings.add_argument(
+        "-g",
+        "--usergroup",
+        help="Override usergroup setting from --server argument",
+        default="",
+    )
+
     parser.add_argument(
         "--login-only",
         help="Complete authentication but do not acquire a session token or initiate a connection",
@@ -57,8 +73,9 @@ def create_argparser():
 
 
 class LogLevel(enum.IntEnum):
-    INFO = logging.INFO
+    ERROR = logging.ERROR
     WARNING = logging.WARNING
+    INFO = logging.INFO
     DEBUG = logging.DEBUG
 
     def __str__(self):
@@ -76,4 +93,20 @@ def choices(cls):
 def main():
     parser = create_argparser()
     args = parser.parse_args()
+
+    if (args.profile_path or args.use_profile_selector) and (
+        args.server or args.usergroup
+    ):
+        parser.error(
+            "--profile/--profile-selector and --server/--usergroup are mutually exclusive"
+        )
+
+    if not args.profile_path and not args.server and not config.load().default_profile:
+        if os.path.exists("/opt/cisco/anyconnect/profiles"):
+            args.profile_path = "/opt/cisco/anyconnect/profiles"
+        else:
+            parser.error(
+                "No Anyconnect profile can be found. One of --profile or --server arguments required."
+            )
+
     return app.run(args)
diff --git a/openconnect_sso/config.py b/openconnect_sso/config.py
@@ -1,5 +1,5 @@
 from pathlib import Path
-from urllib.parse import urlunparse
+from urllib.parse import urlparse, urlunparse
 
 import attr
 import keyring
@@ -59,13 +59,19 @@ def as_dict(self):
 
 @attr.s
 class HostProfile(ConfigNode):
-    name = attr.ib(converter=str)
     address = attr.ib(converter=str)
     user_group = attr.ib(converter=str)
+    name = attr.ib(converter=str, default="UNNAMED")
 
     @property
     def vpn_url(self):
-        return urlunparse(("https", self.address, self.user_group, "", "", ""))
+        parts = urlparse(self.address)
+        group = self.user_group or parts.path
+        if parts.path == self.address and not self.user_group:
+            group = ""
+        return urlunparse(
+            (parts.scheme or "https", parts.netloc or self.address, group, "", "", "")
+        )
 
 
 @attr.s
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,7 +1,7 @@
 [tool.poetry]
 name = "openconnect-sso"
-version = "0.1.0"
-description = "Wrapper script for openconnect supporting Azure AD (SAMLv2) authentication"
+version = "0.2.0"
+description = "Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication"
 authors = ["László Vaskó <laszlo.vasko@outlook.com>"]
 readme = "README.md"
 
diff --git a/tests/test_hostprofile.py b/tests/test_hostprofile.py
@@ -0,0 +1,17 @@
+import pytest
+
+from openconnect_sso.config import HostProfile
+
+
+@pytest.mark.parametrize(("server", "group", "expected_url"), (
+        ("hostname", "", "https://hostname"),
+        ("hostname", "group", "https://hostname/group"),
+        ("hostname/group", "", "https://hostname/group"),
+        ("https://hostname", "group", "https://hostname/group"),
+        ("https://server.com", "group", "https://server.com/group"),
+        ("https://hostname/group", "", "https://hostname/group"),
+        ("https://hostname:8443/group", "", "https://hostname:8443/group"),
+))
+def test_vpn_url(server, group, expected_url):
+    assert HostProfile(server, group).vpn_url == expected_url
+
diff --git a/tests/test_openconnect_sso.py b/tests/test_openconnect_sso.py
@@ -2,4 +2,4 @@
 
 
 def test_version():
-    assert __version__ == '0.1.0'
+    assert __version__ == '0.2.0'

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-__version__ = "0.1.0"`
	`1`	`+__version__ = "0.2.0"`
`2`	`2`	`__description__ = (`
`3`		`- "Wrapper script for openconnect supporting Azure AD (SAMLv2) authentication"`
	`3`	`+ "Wrapper script for OpenConnect supporting Azure AD (SAMLv2) authentication"`
`4`	`4`	`)`
Original file line number	Diff line number	Diff line change
`@@ -2,4 +2,4 @@`
`2`	`2`
`3`	`3`
`4`	`4`	`def test_version():`
`5`		`- assert __version__ == '0.1.0'`
	`5`	`+ assert __version__ == '0.2.0'`